ssl_client2.c 55 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673
  1. /*
  2. * SSL client with certificate authentication
  3. *
  4. * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
  5. * SPDX-License-Identifier: Apache-2.0
  6. *
  7. * Licensed under the Apache License, Version 2.0 (the "License"); you may
  8. * not use this file except in compliance with the License.
  9. * You may obtain a copy of the License at
  10. *
  11. * http://www.apache.org/licenses/LICENSE-2.0
  12. *
  13. * Unless required by applicable law or agreed to in writing, software
  14. * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
  15. * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  16. * See the License for the specific language governing permissions and
  17. * limitations under the License.
  18. *
  19. * This file is part of mbed TLS (https://tls.mbed.org)
  20. */
  21. #if !defined(MBEDTLS_CONFIG_FILE)
  22. #include "mbedtls/config.h"
  23. #else
  24. #include MBEDTLS_CONFIG_FILE
  25. #endif
  26. #if defined(MBEDTLS_PLATFORM_C)
  27. #include "mbedtls/platform.h"
  28. #else
  29. #include <stdio.h>
  30. #include <stdlib.h>
  31. #define mbedtls_time time
  32. #define mbedtls_time_t time_t
  33. #define mbedtls_printf printf
  34. #define mbedtls_fprintf fprintf
  35. #define mbedtls_snprintf snprintf
  36. #endif
  37. #if !defined(MBEDTLS_ENTROPY_C) || \
  38. !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \
  39. !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_CTR_DRBG_C)
  40. int main( void )
  41. {
  42. mbedtls_printf("MBEDTLS_ENTROPY_C and/or "
  43. "MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or "
  44. "MBEDTLS_NET_C and/or MBEDTLS_CTR_DRBG_C and/or not defined.\n");
  45. return( 0 );
  46. }
  47. #else
  48. #include "mbedtls/net_sockets.h"
  49. #include "mbedtls/ssl.h"
  50. #include "mbedtls/entropy.h"
  51. #include "mbedtls/ctr_drbg.h"
  52. #include "mbedtls/certs.h"
  53. #include "mbedtls/x509.h"
  54. #include "mbedtls/error.h"
  55. #include "mbedtls/debug.h"
  56. #include "mbedtls/timing.h"
  57. #include <stdio.h>
  58. #include <stdlib.h>
  59. #include <string.h>
  60. #define DFL_SERVER_NAME "localhost"
  61. #define DFL_SERVER_ADDR NULL
  62. #define DFL_SERVER_PORT "4433"
  63. #define DFL_REQUEST_PAGE "/"
  64. #define DFL_REQUEST_SIZE -1
  65. #define DFL_DEBUG_LEVEL 0
  66. #define DFL_NBIO 0
  67. #define DFL_READ_TIMEOUT 0
  68. #define DFL_MAX_RESEND 0
  69. #define DFL_CA_FILE ""
  70. #define DFL_CA_PATH ""
  71. #define DFL_CRT_FILE ""
  72. #define DFL_KEY_FILE ""
  73. #define DFL_PSK ""
  74. #define DFL_PSK_IDENTITY "Client_identity"
  75. #define DFL_ECJPAKE_PW NULL
  76. #define DFL_FORCE_CIPHER 0
  77. #define DFL_RENEGOTIATION MBEDTLS_SSL_RENEGOTIATION_DISABLED
  78. #define DFL_ALLOW_LEGACY -2
  79. #define DFL_RENEGOTIATE 0
  80. #define DFL_EXCHANGES 1
  81. #define DFL_MIN_VERSION -1
  82. #define DFL_MAX_VERSION -1
  83. #define DFL_ARC4 -1
  84. #define DFL_AUTH_MODE -1
  85. #define DFL_MFL_CODE MBEDTLS_SSL_MAX_FRAG_LEN_NONE
  86. #define DFL_TRUNC_HMAC -1
  87. #define DFL_RECSPLIT -1
  88. #define DFL_DHMLEN -1
  89. #define DFL_RECONNECT 0
  90. #define DFL_RECO_DELAY 0
  91. #define DFL_RECONNECT_HARD 0
  92. #define DFL_TICKETS MBEDTLS_SSL_SESSION_TICKETS_ENABLED
  93. #define DFL_ALPN_STRING NULL
  94. #define DFL_TRANSPORT MBEDTLS_SSL_TRANSPORT_STREAM
  95. #define DFL_HS_TO_MIN 0
  96. #define DFL_HS_TO_MAX 0
  97. #define DFL_FALLBACK -1
  98. #define DFL_EXTENDED_MS -1
  99. #define DFL_ETM -1
  100. #define GET_REQUEST "GET %s HTTP/1.0\r\nExtra-header: "
  101. #define GET_REQUEST_END "\r\n\r\n"
  102. #if defined(MBEDTLS_X509_CRT_PARSE_C)
  103. #if defined(MBEDTLS_FS_IO)
  104. #define USAGE_IO \
  105. " ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \
  106. " default: \"\" (pre-loaded)\n" \
  107. " ca_path=%%s The path containing the top-level CA(s) you fully trust\n" \
  108. " default: \"\" (pre-loaded) (overrides ca_file)\n" \
  109. " crt_file=%%s Your own cert and chain (in bottom to top order, top may be omitted)\n" \
  110. " default: \"\" (pre-loaded)\n" \
  111. " key_file=%%s default: \"\" (pre-loaded)\n"
  112. #else
  113. #define USAGE_IO \
  114. " No file operations available (MBEDTLS_FS_IO not defined)\n"
  115. #endif /* MBEDTLS_FS_IO */
  116. #else
  117. #define USAGE_IO ""
  118. #endif /* MBEDTLS_X509_CRT_PARSE_C */
  119. #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
  120. #define USAGE_PSK \
  121. " psk=%%s default: \"\" (in hex, without 0x)\n" \
  122. " psk_identity=%%s default: \"Client_identity\"\n"
  123. #else
  124. #define USAGE_PSK ""
  125. #endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
  126. #if defined(MBEDTLS_SSL_SESSION_TICKETS)
  127. #define USAGE_TICKETS \
  128. " tickets=%%d default: 1 (enabled)\n"
  129. #else
  130. #define USAGE_TICKETS ""
  131. #endif /* MBEDTLS_SSL_SESSION_TICKETS */
  132. #if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
  133. #define USAGE_TRUNC_HMAC \
  134. " trunc_hmac=%%d default: library default\n"
  135. #else
  136. #define USAGE_TRUNC_HMAC ""
  137. #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
  138. #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
  139. #define USAGE_MAX_FRAG_LEN \
  140. " max_frag_len=%%d default: 16384 (tls default)\n" \
  141. " options: 512, 1024, 2048, 4096\n"
  142. #else
  143. #define USAGE_MAX_FRAG_LEN ""
  144. #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
  145. #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
  146. #define USAGE_RECSPLIT \
  147. " recsplit=0/1 default: (library default: on)\n"
  148. #else
  149. #define USAGE_RECSPLIT
  150. #endif
  151. #if defined(MBEDTLS_DHM_C)
  152. #define USAGE_DHMLEN \
  153. " dhmlen=%%d default: (library default: 1024 bits)\n"
  154. #else
  155. #define USAGE_DHMLEN
  156. #endif
  157. #if defined(MBEDTLS_SSL_ALPN)
  158. #define USAGE_ALPN \
  159. " alpn=%%s default: \"\" (disabled)\n" \
  160. " example: spdy/1,http/1.1\n"
  161. #else
  162. #define USAGE_ALPN ""
  163. #endif /* MBEDTLS_SSL_ALPN */
  164. #if defined(MBEDTLS_SSL_PROTO_DTLS)
  165. #define USAGE_DTLS \
  166. " dtls=%%d default: 0 (TLS)\n" \
  167. " hs_timeout=%%d-%%d default: (library default: 1000-60000)\n" \
  168. " range of DTLS handshake timeouts in millisecs\n"
  169. #else
  170. #define USAGE_DTLS ""
  171. #endif
  172. #if defined(MBEDTLS_SSL_FALLBACK_SCSV)
  173. #define USAGE_FALLBACK \
  174. " fallback=0/1 default: (library default: off)\n"
  175. #else
  176. #define USAGE_FALLBACK ""
  177. #endif
  178. #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
  179. #define USAGE_EMS \
  180. " extended_ms=0/1 default: (library default: on)\n"
  181. #else
  182. #define USAGE_EMS ""
  183. #endif
  184. #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
  185. #define USAGE_ETM \
  186. " etm=0/1 default: (library default: on)\n"
  187. #else
  188. #define USAGE_ETM ""
  189. #endif
  190. #if defined(MBEDTLS_SSL_RENEGOTIATION)
  191. #define USAGE_RENEGO \
  192. " renegotiation=%%d default: 0 (disabled)\n" \
  193. " renegotiate=%%d default: 0 (disabled)\n"
  194. #else
  195. #define USAGE_RENEGO ""
  196. #endif
  197. #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
  198. #define USAGE_ECJPAKE \
  199. " ecjpake_pw=%%s default: none (disabled)\n"
  200. #else
  201. #define USAGE_ECJPAKE ""
  202. #endif
  203. #define USAGE \
  204. "\n usage: ssl_client2 param=<>...\n" \
  205. "\n acceptable parameters:\n" \
  206. " server_name=%%s default: localhost\n" \
  207. " server_addr=%%s default: given by name\n" \
  208. " server_port=%%d default: 4433\n" \
  209. " request_page=%%s default: \".\"\n" \
  210. " request_size=%%d default: about 34 (basic request)\n" \
  211. " (minimum: 0, max: 16384)\n" \
  212. " debug_level=%%d default: 0 (disabled)\n" \
  213. " nbio=%%d default: 0 (blocking I/O)\n" \
  214. " options: 1 (non-blocking), 2 (added delays)\n" \
  215. " read_timeout=%%d default: 0 ms (no timeout)\n" \
  216. " max_resend=%%d default: 0 (no resend on timeout)\n" \
  217. "\n" \
  218. USAGE_DTLS \
  219. "\n" \
  220. " auth_mode=%%s default: (library default: none)\n" \
  221. " options: none, optional, required\n" \
  222. USAGE_IO \
  223. "\n" \
  224. USAGE_PSK \
  225. USAGE_ECJPAKE \
  226. "\n" \
  227. " allow_legacy=%%d default: (library default: no)\n" \
  228. USAGE_RENEGO \
  229. " exchanges=%%d default: 1\n" \
  230. " reconnect=%%d default: 0 (disabled)\n" \
  231. " reco_delay=%%d default: 0 seconds\n" \
  232. " reconnect_hard=%%d default: 0 (disabled)\n" \
  233. USAGE_TICKETS \
  234. USAGE_MAX_FRAG_LEN \
  235. USAGE_TRUNC_HMAC \
  236. USAGE_ALPN \
  237. USAGE_FALLBACK \
  238. USAGE_EMS \
  239. USAGE_ETM \
  240. USAGE_RECSPLIT \
  241. USAGE_DHMLEN \
  242. "\n" \
  243. " arc4=%%d default: (library default: 0)\n" \
  244. " min_version=%%s default: (library default: tls1)\n" \
  245. " max_version=%%s default: (library default: tls1_2)\n" \
  246. " force_version=%%s default: \"\" (none)\n" \
  247. " options: ssl3, tls1, tls1_1, tls1_2, dtls1, dtls1_2\n" \
  248. "\n" \
  249. " force_ciphersuite=<name> default: all enabled\n"\
  250. " acceptable ciphersuite names:\n"
  251. /*
  252. * global options
  253. */
  254. struct options
  255. {
  256. const char *server_name; /* hostname of the server (client only) */
  257. const char *server_addr; /* address of the server (client only) */
  258. const char *server_port; /* port on which the ssl service runs */
  259. int debug_level; /* level of debugging */
  260. int nbio; /* should I/O be blocking? */
  261. uint32_t read_timeout; /* timeout on mbedtls_ssl_read() in milliseconds */
  262. int max_resend; /* DTLS times to resend on read timeout */
  263. const char *request_page; /* page on server to request */
  264. int request_size; /* pad request with header to requested size */
  265. const char *ca_file; /* the file with the CA certificate(s) */
  266. const char *ca_path; /* the path with the CA certificate(s) reside */
  267. const char *crt_file; /* the file with the client certificate */
  268. const char *key_file; /* the file with the client key */
  269. const char *psk; /* the pre-shared key */
  270. const char *psk_identity; /* the pre-shared key identity */
  271. const char *ecjpake_pw; /* the EC J-PAKE password */
  272. int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */
  273. int renegotiation; /* enable / disable renegotiation */
  274. int allow_legacy; /* allow legacy renegotiation */
  275. int renegotiate; /* attempt renegotiation? */
  276. int renego_delay; /* delay before enforcing renegotiation */
  277. int exchanges; /* number of data exchanges */
  278. int min_version; /* minimum protocol version accepted */
  279. int max_version; /* maximum protocol version accepted */
  280. int arc4; /* flag for arc4 suites support */
  281. int auth_mode; /* verify mode for connection */
  282. unsigned char mfl_code; /* code for maximum fragment length */
  283. int trunc_hmac; /* negotiate truncated hmac or not */
  284. int recsplit; /* enable record splitting? */
  285. int dhmlen; /* minimum DHM params len in bits */
  286. int reconnect; /* attempt to resume session */
  287. int reco_delay; /* delay in seconds before resuming session */
  288. int reconnect_hard; /* unexpectedly reconnect from the same port */
  289. int tickets; /* enable / disable session tickets */
  290. const char *alpn_string; /* ALPN supported protocols */
  291. int transport; /* TLS or DTLS? */
  292. uint32_t hs_to_min; /* Initial value of DTLS handshake timer */
  293. uint32_t hs_to_max; /* Max value of DTLS handshake timer */
  294. int fallback; /* is this a fallback connection? */
  295. int extended_ms; /* negotiate extended master secret? */
  296. int etm; /* negotiate encrypt then mac? */
  297. } opt;
  298. static void my_debug( void *ctx, int level,
  299. const char *file, int line,
  300. const char *str )
  301. {
  302. const char *p, *basename;
  303. /* Extract basename from file */
  304. for( p = basename = file; *p != '\0'; p++ )
  305. if( *p == '/' || *p == '\\' )
  306. basename = p + 1;
  307. mbedtls_fprintf( (FILE *) ctx, "%s:%04d: |%d| %s", basename, line, level, str );
  308. fflush( (FILE *) ctx );
  309. }
  310. /*
  311. * Test recv/send functions that make sure each try returns
  312. * WANT_READ/WANT_WRITE at least once before sucesseding
  313. */
  314. static int my_recv( void *ctx, unsigned char *buf, size_t len )
  315. {
  316. static int first_try = 1;
  317. int ret;
  318. if( first_try )
  319. {
  320. first_try = 0;
  321. return( MBEDTLS_ERR_SSL_WANT_READ );
  322. }
  323. ret = mbedtls_net_recv( ctx, buf, len );
  324. if( ret != MBEDTLS_ERR_SSL_WANT_READ )
  325. first_try = 1; /* Next call will be a new operation */
  326. return( ret );
  327. }
  328. static int my_send( void *ctx, const unsigned char *buf, size_t len )
  329. {
  330. static int first_try = 1;
  331. int ret;
  332. if( first_try )
  333. {
  334. first_try = 0;
  335. return( MBEDTLS_ERR_SSL_WANT_WRITE );
  336. }
  337. ret = mbedtls_net_send( ctx, buf, len );
  338. if( ret != MBEDTLS_ERR_SSL_WANT_WRITE )
  339. first_try = 1; /* Next call will be a new operation */
  340. return( ret );
  341. }
  342. #if defined(MBEDTLS_X509_CRT_PARSE_C)
  343. /*
  344. * Enabled if debug_level > 1 in code below
  345. */
  346. static int my_verify( void *data, mbedtls_x509_crt *crt, int depth, uint32_t *flags )
  347. {
  348. char buf[1024];
  349. ((void) data);
  350. mbedtls_printf( "\nVerify requested for (Depth %d):\n", depth );
  351. mbedtls_x509_crt_info( buf, sizeof( buf ) - 1, "", crt );
  352. mbedtls_printf( "%s", buf );
  353. if ( ( *flags ) == 0 )
  354. mbedtls_printf( " This certificate has no flags\n" );
  355. else
  356. {
  357. mbedtls_x509_crt_verify_info( buf, sizeof( buf ), " ! ", *flags );
  358. mbedtls_printf( "%s\n", buf );
  359. }
  360. return( 0 );
  361. }
  362. #endif /* MBEDTLS_X509_CRT_PARSE_C */
  363. int main( int argc, char *argv[] )
  364. {
  365. int ret = 0, len, tail_len, i, written, frags, retry_left;
  366. mbedtls_net_context server_fd;
  367. unsigned char buf[MBEDTLS_SSL_MAX_CONTENT_LEN + 1];
  368. #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
  369. unsigned char psk[MBEDTLS_PSK_MAX_LEN];
  370. size_t psk_len = 0;
  371. #endif
  372. #if defined(MBEDTLS_SSL_ALPN)
  373. const char *alpn_list[10];
  374. #endif
  375. const char *pers = "ssl_client2";
  376. mbedtls_entropy_context entropy;
  377. mbedtls_ctr_drbg_context ctr_drbg;
  378. mbedtls_ssl_context ssl;
  379. mbedtls_ssl_config conf;
  380. mbedtls_ssl_session saved_session;
  381. #if defined(MBEDTLS_TIMING_C)
  382. mbedtls_timing_delay_context timer;
  383. #endif
  384. #if defined(MBEDTLS_X509_CRT_PARSE_C)
  385. uint32_t flags;
  386. mbedtls_x509_crt cacert;
  387. mbedtls_x509_crt clicert;
  388. mbedtls_pk_context pkey;
  389. #endif
  390. char *p, *q;
  391. const int *list;
  392. /*
  393. * Make sure memory references are valid.
  394. */
  395. mbedtls_net_init( &server_fd );
  396. mbedtls_ssl_init( &ssl );
  397. mbedtls_ssl_config_init( &conf );
  398. memset( &saved_session, 0, sizeof( mbedtls_ssl_session ) );
  399. mbedtls_ctr_drbg_init( &ctr_drbg );
  400. #if defined(MBEDTLS_X509_CRT_PARSE_C)
  401. mbedtls_x509_crt_init( &cacert );
  402. mbedtls_x509_crt_init( &clicert );
  403. mbedtls_pk_init( &pkey );
  404. #endif
  405. #if defined(MBEDTLS_SSL_ALPN)
  406. memset( (void * ) alpn_list, 0, sizeof( alpn_list ) );
  407. #endif
  408. if( argc == 0 )
  409. {
  410. usage:
  411. if( ret == 0 )
  412. ret = 1;
  413. mbedtls_printf( USAGE );
  414. list = mbedtls_ssl_list_ciphersuites();
  415. while( *list )
  416. {
  417. mbedtls_printf(" %-42s", mbedtls_ssl_get_ciphersuite_name( *list ) );
  418. list++;
  419. if( !*list )
  420. break;
  421. mbedtls_printf(" %s\n", mbedtls_ssl_get_ciphersuite_name( *list ) );
  422. list++;
  423. }
  424. mbedtls_printf("\n");
  425. goto exit;
  426. }
  427. opt.server_name = DFL_SERVER_NAME;
  428. opt.server_addr = DFL_SERVER_ADDR;
  429. opt.server_port = DFL_SERVER_PORT;
  430. opt.debug_level = DFL_DEBUG_LEVEL;
  431. opt.nbio = DFL_NBIO;
  432. opt.read_timeout = DFL_READ_TIMEOUT;
  433. opt.max_resend = DFL_MAX_RESEND;
  434. opt.request_page = DFL_REQUEST_PAGE;
  435. opt.request_size = DFL_REQUEST_SIZE;
  436. opt.ca_file = DFL_CA_FILE;
  437. opt.ca_path = DFL_CA_PATH;
  438. opt.crt_file = DFL_CRT_FILE;
  439. opt.key_file = DFL_KEY_FILE;
  440. opt.psk = DFL_PSK;
  441. opt.psk_identity = DFL_PSK_IDENTITY;
  442. opt.ecjpake_pw = DFL_ECJPAKE_PW;
  443. opt.force_ciphersuite[0]= DFL_FORCE_CIPHER;
  444. opt.renegotiation = DFL_RENEGOTIATION;
  445. opt.allow_legacy = DFL_ALLOW_LEGACY;
  446. opt.renegotiate = DFL_RENEGOTIATE;
  447. opt.exchanges = DFL_EXCHANGES;
  448. opt.min_version = DFL_MIN_VERSION;
  449. opt.max_version = DFL_MAX_VERSION;
  450. opt.arc4 = DFL_ARC4;
  451. opt.auth_mode = DFL_AUTH_MODE;
  452. opt.mfl_code = DFL_MFL_CODE;
  453. opt.trunc_hmac = DFL_TRUNC_HMAC;
  454. opt.recsplit = DFL_RECSPLIT;
  455. opt.dhmlen = DFL_DHMLEN;
  456. opt.reconnect = DFL_RECONNECT;
  457. opt.reco_delay = DFL_RECO_DELAY;
  458. opt.reconnect_hard = DFL_RECONNECT_HARD;
  459. opt.tickets = DFL_TICKETS;
  460. opt.alpn_string = DFL_ALPN_STRING;
  461. opt.transport = DFL_TRANSPORT;
  462. opt.hs_to_min = DFL_HS_TO_MIN;
  463. opt.hs_to_max = DFL_HS_TO_MAX;
  464. opt.fallback = DFL_FALLBACK;
  465. opt.extended_ms = DFL_EXTENDED_MS;
  466. opt.etm = DFL_ETM;
  467. for( i = 1; i < argc; i++ )
  468. {
  469. p = argv[i];
  470. if( ( q = strchr( p, '=' ) ) == NULL )
  471. goto usage;
  472. *q++ = '\0';
  473. if( strcmp( p, "server_name" ) == 0 )
  474. opt.server_name = q;
  475. else if( strcmp( p, "server_addr" ) == 0 )
  476. opt.server_addr = q;
  477. else if( strcmp( p, "server_port" ) == 0 )
  478. opt.server_port = q;
  479. else if( strcmp( p, "dtls" ) == 0 )
  480. {
  481. int t = atoi( q );
  482. if( t == 0 )
  483. opt.transport = MBEDTLS_SSL_TRANSPORT_STREAM;
  484. else if( t == 1 )
  485. opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
  486. else
  487. goto usage;
  488. }
  489. else if( strcmp( p, "debug_level" ) == 0 )
  490. {
  491. opt.debug_level = atoi( q );
  492. if( opt.debug_level < 0 || opt.debug_level > 65535 )
  493. goto usage;
  494. }
  495. else if( strcmp( p, "nbio" ) == 0 )
  496. {
  497. opt.nbio = atoi( q );
  498. if( opt.nbio < 0 || opt.nbio > 2 )
  499. goto usage;
  500. }
  501. else if( strcmp( p, "read_timeout" ) == 0 )
  502. opt.read_timeout = atoi( q );
  503. else if( strcmp( p, "max_resend" ) == 0 )
  504. {
  505. opt.max_resend = atoi( q );
  506. if( opt.max_resend < 0 )
  507. goto usage;
  508. }
  509. else if( strcmp( p, "request_page" ) == 0 )
  510. opt.request_page = q;
  511. else if( strcmp( p, "request_size" ) == 0 )
  512. {
  513. opt.request_size = atoi( q );
  514. if( opt.request_size < 0 || opt.request_size > MBEDTLS_SSL_MAX_CONTENT_LEN )
  515. goto usage;
  516. }
  517. else if( strcmp( p, "ca_file" ) == 0 )
  518. opt.ca_file = q;
  519. else if( strcmp( p, "ca_path" ) == 0 )
  520. opt.ca_path = q;
  521. else if( strcmp( p, "crt_file" ) == 0 )
  522. opt.crt_file = q;
  523. else if( strcmp( p, "key_file" ) == 0 )
  524. opt.key_file = q;
  525. else if( strcmp( p, "psk" ) == 0 )
  526. opt.psk = q;
  527. else if( strcmp( p, "psk_identity" ) == 0 )
  528. opt.psk_identity = q;
  529. else if( strcmp( p, "ecjpake_pw" ) == 0 )
  530. opt.ecjpake_pw = q;
  531. else if( strcmp( p, "force_ciphersuite" ) == 0 )
  532. {
  533. opt.force_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id( q );
  534. if( opt.force_ciphersuite[0] == 0 )
  535. {
  536. ret = 2;
  537. goto usage;
  538. }
  539. opt.force_ciphersuite[1] = 0;
  540. }
  541. else if( strcmp( p, "renegotiation" ) == 0 )
  542. {
  543. opt.renegotiation = (atoi( q )) ? MBEDTLS_SSL_RENEGOTIATION_ENABLED :
  544. MBEDTLS_SSL_RENEGOTIATION_DISABLED;
  545. }
  546. else if( strcmp( p, "allow_legacy" ) == 0 )
  547. {
  548. switch( atoi( q ) )
  549. {
  550. case -1: opt.allow_legacy = MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE; break;
  551. case 0: opt.allow_legacy = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION; break;
  552. case 1: opt.allow_legacy = MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION; break;
  553. default: goto usage;
  554. }
  555. }
  556. else if( strcmp( p, "renegotiate" ) == 0 )
  557. {
  558. opt.renegotiate = atoi( q );
  559. if( opt.renegotiate < 0 || opt.renegotiate > 1 )
  560. goto usage;
  561. }
  562. else if( strcmp( p, "exchanges" ) == 0 )
  563. {
  564. opt.exchanges = atoi( q );
  565. if( opt.exchanges < 1 )
  566. goto usage;
  567. }
  568. else if( strcmp( p, "reconnect" ) == 0 )
  569. {
  570. opt.reconnect = atoi( q );
  571. if( opt.reconnect < 0 || opt.reconnect > 2 )
  572. goto usage;
  573. }
  574. else if( strcmp( p, "reco_delay" ) == 0 )
  575. {
  576. opt.reco_delay = atoi( q );
  577. if( opt.reco_delay < 0 )
  578. goto usage;
  579. }
  580. else if( strcmp( p, "reconnect_hard" ) == 0 )
  581. {
  582. opt.reconnect_hard = atoi( q );
  583. if( opt.reconnect_hard < 0 || opt.reconnect_hard > 1 )
  584. goto usage;
  585. }
  586. else if( strcmp( p, "tickets" ) == 0 )
  587. {
  588. opt.tickets = atoi( q );
  589. if( opt.tickets < 0 || opt.tickets > 2 )
  590. goto usage;
  591. }
  592. else if( strcmp( p, "alpn" ) == 0 )
  593. {
  594. opt.alpn_string = q;
  595. }
  596. else if( strcmp( p, "fallback" ) == 0 )
  597. {
  598. switch( atoi( q ) )
  599. {
  600. case 0: opt.fallback = MBEDTLS_SSL_IS_NOT_FALLBACK; break;
  601. case 1: opt.fallback = MBEDTLS_SSL_IS_FALLBACK; break;
  602. default: goto usage;
  603. }
  604. }
  605. else if( strcmp( p, "extended_ms" ) == 0 )
  606. {
  607. switch( atoi( q ) )
  608. {
  609. case 0: opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_DISABLED; break;
  610. case 1: opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED; break;
  611. default: goto usage;
  612. }
  613. }
  614. else if( strcmp( p, "etm" ) == 0 )
  615. {
  616. switch( atoi( q ) )
  617. {
  618. case 0: opt.etm = MBEDTLS_SSL_ETM_DISABLED; break;
  619. case 1: opt.etm = MBEDTLS_SSL_ETM_ENABLED; break;
  620. default: goto usage;
  621. }
  622. }
  623. else if( strcmp( p, "min_version" ) == 0 )
  624. {
  625. if( strcmp( q, "ssl3" ) == 0 )
  626. opt.min_version = MBEDTLS_SSL_MINOR_VERSION_0;
  627. else if( strcmp( q, "tls1" ) == 0 )
  628. opt.min_version = MBEDTLS_SSL_MINOR_VERSION_1;
  629. else if( strcmp( q, "tls1_1" ) == 0 ||
  630. strcmp( q, "dtls1" ) == 0 )
  631. opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2;
  632. else if( strcmp( q, "tls1_2" ) == 0 ||
  633. strcmp( q, "dtls1_2" ) == 0 )
  634. opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
  635. else
  636. goto usage;
  637. }
  638. else if( strcmp( p, "max_version" ) == 0 )
  639. {
  640. if( strcmp( q, "ssl3" ) == 0 )
  641. opt.max_version = MBEDTLS_SSL_MINOR_VERSION_0;
  642. else if( strcmp( q, "tls1" ) == 0 )
  643. opt.max_version = MBEDTLS_SSL_MINOR_VERSION_1;
  644. else if( strcmp( q, "tls1_1" ) == 0 ||
  645. strcmp( q, "dtls1" ) == 0 )
  646. opt.max_version = MBEDTLS_SSL_MINOR_VERSION_2;
  647. else if( strcmp( q, "tls1_2" ) == 0 ||
  648. strcmp( q, "dtls1_2" ) == 0 )
  649. opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
  650. else
  651. goto usage;
  652. }
  653. else if( strcmp( p, "arc4" ) == 0 )
  654. {
  655. switch( atoi( q ) )
  656. {
  657. case 0: opt.arc4 = MBEDTLS_SSL_ARC4_DISABLED; break;
  658. case 1: opt.arc4 = MBEDTLS_SSL_ARC4_ENABLED; break;
  659. default: goto usage;
  660. }
  661. }
  662. else if( strcmp( p, "force_version" ) == 0 )
  663. {
  664. if( strcmp( q, "ssl3" ) == 0 )
  665. {
  666. opt.min_version = MBEDTLS_SSL_MINOR_VERSION_0;
  667. opt.max_version = MBEDTLS_SSL_MINOR_VERSION_0;
  668. }
  669. else if( strcmp( q, "tls1" ) == 0 )
  670. {
  671. opt.min_version = MBEDTLS_SSL_MINOR_VERSION_1;
  672. opt.max_version = MBEDTLS_SSL_MINOR_VERSION_1;
  673. }
  674. else if( strcmp( q, "tls1_1" ) == 0 )
  675. {
  676. opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2;
  677. opt.max_version = MBEDTLS_SSL_MINOR_VERSION_2;
  678. }
  679. else if( strcmp( q, "tls1_2" ) == 0 )
  680. {
  681. opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
  682. opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
  683. }
  684. else if( strcmp( q, "dtls1" ) == 0 )
  685. {
  686. opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2;
  687. opt.max_version = MBEDTLS_SSL_MINOR_VERSION_2;
  688. opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
  689. }
  690. else if( strcmp( q, "dtls1_2" ) == 0 )
  691. {
  692. opt.min_version = MBEDTLS_SSL_MINOR_VERSION_3;
  693. opt.max_version = MBEDTLS_SSL_MINOR_VERSION_3;
  694. opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
  695. }
  696. else
  697. goto usage;
  698. }
  699. else if( strcmp( p, "auth_mode" ) == 0 )
  700. {
  701. if( strcmp( q, "none" ) == 0 )
  702. opt.auth_mode = MBEDTLS_SSL_VERIFY_NONE;
  703. else if( strcmp( q, "optional" ) == 0 )
  704. opt.auth_mode = MBEDTLS_SSL_VERIFY_OPTIONAL;
  705. else if( strcmp( q, "required" ) == 0 )
  706. opt.auth_mode = MBEDTLS_SSL_VERIFY_REQUIRED;
  707. else
  708. goto usage;
  709. }
  710. else if( strcmp( p, "max_frag_len" ) == 0 )
  711. {
  712. if( strcmp( q, "512" ) == 0 )
  713. opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_512;
  714. else if( strcmp( q, "1024" ) == 0 )
  715. opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_1024;
  716. else if( strcmp( q, "2048" ) == 0 )
  717. opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_2048;
  718. else if( strcmp( q, "4096" ) == 0 )
  719. opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_4096;
  720. else
  721. goto usage;
  722. }
  723. else if( strcmp( p, "trunc_hmac" ) == 0 )
  724. {
  725. switch( atoi( q ) )
  726. {
  727. case 0: opt.trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_DISABLED; break;
  728. case 1: opt.trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_ENABLED; break;
  729. default: goto usage;
  730. }
  731. }
  732. else if( strcmp( p, "hs_timeout" ) == 0 )
  733. {
  734. if( ( p = strchr( q, '-' ) ) == NULL )
  735. goto usage;
  736. *p++ = '\0';
  737. opt.hs_to_min = atoi( q );
  738. opt.hs_to_max = atoi( p );
  739. if( opt.hs_to_min == 0 || opt.hs_to_max < opt.hs_to_min )
  740. goto usage;
  741. }
  742. else if( strcmp( p, "recsplit" ) == 0 )
  743. {
  744. opt.recsplit = atoi( q );
  745. if( opt.recsplit < 0 || opt.recsplit > 1 )
  746. goto usage;
  747. }
  748. else if( strcmp( p, "dhmlen" ) == 0 )
  749. {
  750. opt.dhmlen = atoi( q );
  751. if( opt.dhmlen < 0 )
  752. goto usage;
  753. }
  754. else
  755. goto usage;
  756. }
  757. #if defined(MBEDTLS_DEBUG_C)
  758. mbedtls_debug_set_threshold( opt.debug_level );
  759. #endif
  760. if( opt.force_ciphersuite[0] > 0 )
  761. {
  762. const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
  763. ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( opt.force_ciphersuite[0] );
  764. if( opt.max_version != -1 &&
  765. ciphersuite_info->min_minor_ver > opt.max_version )
  766. {
  767. mbedtls_printf("forced ciphersuite not allowed with this protocol version\n");
  768. ret = 2;
  769. goto usage;
  770. }
  771. if( opt.min_version != -1 &&
  772. ciphersuite_info->max_minor_ver < opt.min_version )
  773. {
  774. mbedtls_printf("forced ciphersuite not allowed with this protocol version\n");
  775. ret = 2;
  776. goto usage;
  777. }
  778. /* If the server selects a version that's not supported by
  779. * this suite, then there will be no common ciphersuite... */
  780. if( opt.max_version == -1 ||
  781. opt.max_version > ciphersuite_info->max_minor_ver )
  782. {
  783. opt.max_version = ciphersuite_info->max_minor_ver;
  784. }
  785. if( opt.min_version < ciphersuite_info->min_minor_ver )
  786. {
  787. opt.min_version = ciphersuite_info->min_minor_ver;
  788. /* DTLS starts with TLS 1.1 */
  789. if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
  790. opt.min_version < MBEDTLS_SSL_MINOR_VERSION_2 )
  791. opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2;
  792. }
  793. /* Enable RC4 if needed and not explicitly disabled */
  794. if( ciphersuite_info->cipher == MBEDTLS_CIPHER_ARC4_128 )
  795. {
  796. if( opt.arc4 == MBEDTLS_SSL_ARC4_DISABLED )
  797. {
  798. mbedtls_printf("forced RC4 ciphersuite with RC4 disabled\n");
  799. ret = 2;
  800. goto usage;
  801. }
  802. opt.arc4 = MBEDTLS_SSL_ARC4_ENABLED;
  803. }
  804. }
  805. #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
  806. /*
  807. * Unhexify the pre-shared key if any is given
  808. */
  809. if( strlen( opt.psk ) )
  810. {
  811. unsigned char c;
  812. size_t j;
  813. if( strlen( opt.psk ) % 2 != 0 )
  814. {
  815. mbedtls_printf("pre-shared key not valid hex\n");
  816. goto exit;
  817. }
  818. psk_len = strlen( opt.psk ) / 2;
  819. for( j = 0; j < strlen( opt.psk ); j += 2 )
  820. {
  821. c = opt.psk[j];
  822. if( c >= '0' && c <= '9' )
  823. c -= '0';
  824. else if( c >= 'a' && c <= 'f' )
  825. c -= 'a' - 10;
  826. else if( c >= 'A' && c <= 'F' )
  827. c -= 'A' - 10;
  828. else
  829. {
  830. mbedtls_printf("pre-shared key not valid hex\n");
  831. goto exit;
  832. }
  833. psk[ j / 2 ] = c << 4;
  834. c = opt.psk[j + 1];
  835. if( c >= '0' && c <= '9' )
  836. c -= '0';
  837. else if( c >= 'a' && c <= 'f' )
  838. c -= 'a' - 10;
  839. else if( c >= 'A' && c <= 'F' )
  840. c -= 'A' - 10;
  841. else
  842. {
  843. mbedtls_printf("pre-shared key not valid hex\n");
  844. goto exit;
  845. }
  846. psk[ j / 2 ] |= c;
  847. }
  848. }
  849. #endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
  850. #if defined(MBEDTLS_SSL_ALPN)
  851. if( opt.alpn_string != NULL )
  852. {
  853. p = (char *) opt.alpn_string;
  854. i = 0;
  855. /* Leave room for a final NULL in alpn_list */
  856. while( i < (int) sizeof alpn_list - 1 && *p != '\0' )
  857. {
  858. alpn_list[i++] = p;
  859. /* Terminate the current string and move on to next one */
  860. while( *p != ',' && *p != '\0' )
  861. p++;
  862. if( *p == ',' )
  863. *p++ = '\0';
  864. }
  865. }
  866. #endif /* MBEDTLS_SSL_ALPN */
  867. /*
  868. * 0. Initialize the RNG and the session data
  869. */
  870. mbedtls_printf( "\n . Seeding the random number generator..." );
  871. fflush( stdout );
  872. mbedtls_entropy_init( &entropy );
  873. if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
  874. (const unsigned char *) pers,
  875. strlen( pers ) ) ) != 0 )
  876. {
  877. mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n", -ret );
  878. goto exit;
  879. }
  880. mbedtls_printf( " ok\n" );
  881. #if defined(MBEDTLS_X509_CRT_PARSE_C)
  882. /*
  883. * 1.1. Load the trusted CA
  884. */
  885. mbedtls_printf( " . Loading the CA root certificate ..." );
  886. fflush( stdout );
  887. #if defined(MBEDTLS_FS_IO)
  888. if( strlen( opt.ca_path ) )
  889. if( strcmp( opt.ca_path, "none" ) == 0 )
  890. ret = 0;
  891. else
  892. ret = mbedtls_x509_crt_parse_path( &cacert, opt.ca_path );
  893. else if( strlen( opt.ca_file ) )
  894. if( strcmp( opt.ca_file, "none" ) == 0 )
  895. ret = 0;
  896. else
  897. ret = mbedtls_x509_crt_parse_file( &cacert, opt.ca_file );
  898. else
  899. #endif
  900. #if defined(MBEDTLS_CERTS_C)
  901. for( i = 0; mbedtls_test_cas[i] != NULL; i++ )
  902. {
  903. ret = mbedtls_x509_crt_parse( &cacert,
  904. (const unsigned char *) mbedtls_test_cas[i],
  905. mbedtls_test_cas_len[i] );
  906. if( ret != 0 )
  907. break;
  908. }
  909. #else
  910. {
  911. ret = 1;
  912. mbedtls_printf("MBEDTLS_CERTS_C not defined.");
  913. }
  914. #endif
  915. if( ret < 0 )
  916. {
  917. mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", -ret );
  918. goto exit;
  919. }
  920. mbedtls_printf( " ok (%d skipped)\n", ret );
  921. /*
  922. * 1.2. Load own certificate and private key
  923. *
  924. * (can be skipped if client authentication is not required)
  925. */
  926. mbedtls_printf( " . Loading the client cert. and key..." );
  927. fflush( stdout );
  928. #if defined(MBEDTLS_FS_IO)
  929. if( strlen( opt.crt_file ) )
  930. if( strcmp( opt.crt_file, "none" ) == 0 )
  931. ret = 0;
  932. else
  933. ret = mbedtls_x509_crt_parse_file( &clicert, opt.crt_file );
  934. else
  935. #endif
  936. #if defined(MBEDTLS_CERTS_C)
  937. ret = mbedtls_x509_crt_parse( &clicert, (const unsigned char *) mbedtls_test_cli_crt,
  938. mbedtls_test_cli_crt_len );
  939. #else
  940. {
  941. ret = 1;
  942. mbedtls_printf("MBEDTLS_CERTS_C not defined.");
  943. }
  944. #endif
  945. if( ret != 0 )
  946. {
  947. mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", -ret );
  948. goto exit;
  949. }
  950. #if defined(MBEDTLS_FS_IO)
  951. if( strlen( opt.key_file ) )
  952. if( strcmp( opt.key_file, "none" ) == 0 )
  953. ret = 0;
  954. else
  955. ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, "" );
  956. else
  957. #endif
  958. #if defined(MBEDTLS_CERTS_C)
  959. ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_cli_key,
  960. mbedtls_test_cli_key_len, NULL, 0 );
  961. #else
  962. {
  963. ret = 1;
  964. mbedtls_printf("MBEDTLS_CERTS_C not defined.");
  965. }
  966. #endif
  967. if( ret != 0 )
  968. {
  969. mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n", -ret );
  970. goto exit;
  971. }
  972. mbedtls_printf( " ok\n" );
  973. #endif /* MBEDTLS_X509_CRT_PARSE_C */
  974. /*
  975. * 2. Start the connection
  976. */
  977. if( opt.server_addr == NULL)
  978. opt.server_addr = opt.server_name;
  979. mbedtls_printf( " . Connecting to %s/%s/%s...",
  980. opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ? "tcp" : "udp",
  981. opt.server_addr, opt.server_port );
  982. fflush( stdout );
  983. if( ( ret = mbedtls_net_connect( &server_fd, opt.server_addr, opt.server_port,
  984. opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ?
  985. MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP ) ) != 0 )
  986. {
  987. mbedtls_printf( " failed\n ! mbedtls_net_connect returned -0x%x\n\n", -ret );
  988. goto exit;
  989. }
  990. if( opt.nbio > 0 )
  991. ret = mbedtls_net_set_nonblock( &server_fd );
  992. else
  993. ret = mbedtls_net_set_block( &server_fd );
  994. if( ret != 0 )
  995. {
  996. mbedtls_printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n", -ret );
  997. goto exit;
  998. }
  999. mbedtls_printf( " ok\n" );
  1000. /*
  1001. * 3. Setup stuff
  1002. */
  1003. mbedtls_printf( " . Setting up the SSL/TLS structure..." );
  1004. fflush( stdout );
  1005. if( ( ret = mbedtls_ssl_config_defaults( &conf,
  1006. MBEDTLS_SSL_IS_CLIENT,
  1007. opt.transport,
  1008. MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
  1009. {
  1010. mbedtls_printf( " failed\n ! mbedtls_ssl_config_defaults returned -0x%x\n\n", -ret );
  1011. goto exit;
  1012. }
  1013. #if defined(MBEDTLS_X509_CRT_PARSE_C)
  1014. if( opt.debug_level > 0 )
  1015. mbedtls_ssl_conf_verify( &conf, my_verify, NULL );
  1016. #endif
  1017. if( opt.auth_mode != DFL_AUTH_MODE )
  1018. mbedtls_ssl_conf_authmode( &conf, opt.auth_mode );
  1019. #if defined(MBEDTLS_SSL_PROTO_DTLS)
  1020. if( opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX )
  1021. mbedtls_ssl_conf_handshake_timeout( &conf, opt.hs_to_min, opt.hs_to_max );
  1022. #endif /* MBEDTLS_SSL_PROTO_DTLS */
  1023. #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
  1024. if( ( ret = mbedtls_ssl_conf_max_frag_len( &conf, opt.mfl_code ) ) != 0 )
  1025. {
  1026. mbedtls_printf( " failed\n ! mbedtls_ssl_conf_max_frag_len returned %d\n\n", ret );
  1027. goto exit;
  1028. }
  1029. #endif
  1030. #if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
  1031. if( opt.trunc_hmac != DFL_TRUNC_HMAC )
  1032. mbedtls_ssl_conf_truncated_hmac( &conf, opt.trunc_hmac );
  1033. #endif
  1034. #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
  1035. if( opt.extended_ms != DFL_EXTENDED_MS )
  1036. mbedtls_ssl_conf_extended_master_secret( &conf, opt.extended_ms );
  1037. #endif
  1038. #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
  1039. if( opt.etm != DFL_ETM )
  1040. mbedtls_ssl_conf_encrypt_then_mac( &conf, opt.etm );
  1041. #endif
  1042. #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
  1043. if( opt.recsplit != DFL_RECSPLIT )
  1044. mbedtls_ssl_conf_cbc_record_splitting( &conf, opt.recsplit
  1045. ? MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED
  1046. : MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED );
  1047. #endif
  1048. #if defined(MBEDTLS_DHM_C)
  1049. if( opt.dhmlen != DFL_DHMLEN )
  1050. mbedtls_ssl_conf_dhm_min_bitlen( &conf, opt.dhmlen );
  1051. #endif
  1052. #if defined(MBEDTLS_SSL_ALPN)
  1053. if( opt.alpn_string != NULL )
  1054. if( ( ret = mbedtls_ssl_conf_alpn_protocols( &conf, alpn_list ) ) != 0 )
  1055. {
  1056. mbedtls_printf( " failed\n ! mbedtls_ssl_conf_alpn_protocols returned %d\n\n", ret );
  1057. goto exit;
  1058. }
  1059. #endif
  1060. mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
  1061. mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
  1062. mbedtls_ssl_conf_read_timeout( &conf, opt.read_timeout );
  1063. #if defined(MBEDTLS_SSL_SESSION_TICKETS)
  1064. mbedtls_ssl_conf_session_tickets( &conf, opt.tickets );
  1065. #endif
  1066. if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
  1067. mbedtls_ssl_conf_ciphersuites( &conf, opt.force_ciphersuite );
  1068. #if defined(MBEDTLS_ARC4_C)
  1069. if( opt.arc4 != DFL_ARC4 )
  1070. mbedtls_ssl_conf_arc4_support( &conf, opt.arc4 );
  1071. #endif
  1072. if( opt.allow_legacy != DFL_ALLOW_LEGACY )
  1073. mbedtls_ssl_conf_legacy_renegotiation( &conf, opt.allow_legacy );
  1074. #if defined(MBEDTLS_SSL_RENEGOTIATION)
  1075. mbedtls_ssl_conf_renegotiation( &conf, opt.renegotiation );
  1076. #endif
  1077. #if defined(MBEDTLS_X509_CRT_PARSE_C)
  1078. if( strcmp( opt.ca_path, "none" ) != 0 &&
  1079. strcmp( opt.ca_file, "none" ) != 0 )
  1080. {
  1081. mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
  1082. }
  1083. if( strcmp( opt.crt_file, "none" ) != 0 &&
  1084. strcmp( opt.key_file, "none" ) != 0 )
  1085. {
  1086. if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &clicert, &pkey ) ) != 0 )
  1087. {
  1088. mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
  1089. goto exit;
  1090. }
  1091. }
  1092. #endif
  1093. #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
  1094. if( ( ret = mbedtls_ssl_conf_psk( &conf, psk, psk_len,
  1095. (const unsigned char *) opt.psk_identity,
  1096. strlen( opt.psk_identity ) ) ) != 0 )
  1097. {
  1098. mbedtls_printf( " failed\n ! mbedtls_ssl_conf_psk returned %d\n\n", ret );
  1099. goto exit;
  1100. }
  1101. #endif
  1102. if( opt.min_version != DFL_MIN_VERSION )
  1103. mbedtls_ssl_conf_min_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.min_version );
  1104. if( opt.max_version != DFL_MAX_VERSION )
  1105. mbedtls_ssl_conf_max_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.max_version );
  1106. #if defined(MBEDTLS_SSL_FALLBACK_SCSV)
  1107. if( opt.fallback != DFL_FALLBACK )
  1108. mbedtls_ssl_conf_fallback( &conf, opt.fallback );
  1109. #endif
  1110. if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
  1111. {
  1112. mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned -0x%x\n\n", -ret );
  1113. goto exit;
  1114. }
  1115. #if defined(MBEDTLS_X509_CRT_PARSE_C)
  1116. if( ( ret = mbedtls_ssl_set_hostname( &ssl, opt.server_name ) ) != 0 )
  1117. {
  1118. mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret );
  1119. goto exit;
  1120. }
  1121. #endif
  1122. #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
  1123. if( opt.ecjpake_pw != DFL_ECJPAKE_PW )
  1124. {
  1125. if( ( ret = mbedtls_ssl_set_hs_ecjpake_password( &ssl,
  1126. (const unsigned char *) opt.ecjpake_pw,
  1127. strlen( opt.ecjpake_pw ) ) ) != 0 )
  1128. {
  1129. mbedtls_printf( " failed\n ! mbedtls_ssl_set_hs_ecjpake_password returned %d\n\n", ret );
  1130. goto exit;
  1131. }
  1132. }
  1133. #endif
  1134. if( opt.nbio == 2 )
  1135. mbedtls_ssl_set_bio( &ssl, &server_fd, my_send, my_recv, NULL );
  1136. else
  1137. mbedtls_ssl_set_bio( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv,
  1138. opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL );
  1139. #if defined(MBEDTLS_TIMING_C)
  1140. mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay,
  1141. mbedtls_timing_get_delay );
  1142. #endif
  1143. mbedtls_printf( " ok\n" );
  1144. /*
  1145. * 4. Handshake
  1146. */
  1147. mbedtls_printf( " . Performing the SSL/TLS handshake..." );
  1148. fflush( stdout );
  1149. while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
  1150. {
  1151. if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
  1152. {
  1153. mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n", -ret );
  1154. if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED )
  1155. mbedtls_printf(
  1156. " Unable to verify the server's certificate. "
  1157. "Either it is invalid,\n"
  1158. " or you didn't set ca_file or ca_path "
  1159. "to an appropriate value.\n"
  1160. " Alternatively, you may want to use "
  1161. "auth_mode=optional for testing purposes.\n" );
  1162. mbedtls_printf( "\n" );
  1163. goto exit;
  1164. }
  1165. }
  1166. mbedtls_printf( " ok\n [ Protocol is %s ]\n [ Ciphersuite is %s ]\n",
  1167. mbedtls_ssl_get_version( &ssl ), mbedtls_ssl_get_ciphersuite( &ssl ) );
  1168. if( ( ret = mbedtls_ssl_get_record_expansion( &ssl ) ) >= 0 )
  1169. mbedtls_printf( " [ Record expansion is %d ]\n", ret );
  1170. else
  1171. mbedtls_printf( " [ Record expansion is unknown (compression) ]\n" );
  1172. #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
  1173. mbedtls_printf( " [ Maximum fragment length is %u ]\n",
  1174. (unsigned int) mbedtls_ssl_get_max_frag_len( &ssl ) );
  1175. #endif
  1176. #if defined(MBEDTLS_SSL_ALPN)
  1177. if( opt.alpn_string != NULL )
  1178. {
  1179. const char *alp = mbedtls_ssl_get_alpn_protocol( &ssl );
  1180. mbedtls_printf( " [ Application Layer Protocol is %s ]\n",
  1181. alp ? alp : "(none)" );
  1182. }
  1183. #endif
  1184. if( opt.reconnect != 0 )
  1185. {
  1186. mbedtls_printf(" . Saving session for reuse..." );
  1187. fflush( stdout );
  1188. if( ( ret = mbedtls_ssl_get_session( &ssl, &saved_session ) ) != 0 )
  1189. {
  1190. mbedtls_printf( " failed\n ! mbedtls_ssl_get_session returned -0x%x\n\n", -ret );
  1191. goto exit;
  1192. }
  1193. mbedtls_printf( " ok\n" );
  1194. }
  1195. #if defined(MBEDTLS_X509_CRT_PARSE_C)
  1196. /*
  1197. * 5. Verify the server certificate
  1198. */
  1199. mbedtls_printf( " . Verifying peer X.509 certificate..." );
  1200. if( ( flags = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 )
  1201. {
  1202. char vrfy_buf[512];
  1203. mbedtls_printf( " failed\n" );
  1204. mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags );
  1205. mbedtls_printf( "%s\n", vrfy_buf );
  1206. }
  1207. else
  1208. mbedtls_printf( " ok\n" );
  1209. if( mbedtls_ssl_get_peer_cert( &ssl ) != NULL )
  1210. {
  1211. mbedtls_printf( " . Peer certificate information ...\n" );
  1212. mbedtls_x509_crt_info( (char *) buf, sizeof( buf ) - 1, " ",
  1213. mbedtls_ssl_get_peer_cert( &ssl ) );
  1214. mbedtls_printf( "%s\n", buf );
  1215. }
  1216. #endif /* MBEDTLS_X509_CRT_PARSE_C */
  1217. #if defined(MBEDTLS_SSL_RENEGOTIATION)
  1218. if( opt.renegotiate )
  1219. {
  1220. /*
  1221. * Perform renegotiation (this must be done when the server is waiting
  1222. * for input from our side).
  1223. */
  1224. mbedtls_printf( " . Performing renegotiation..." );
  1225. fflush( stdout );
  1226. while( ( ret = mbedtls_ssl_renegotiate( &ssl ) ) != 0 )
  1227. {
  1228. if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
  1229. ret != MBEDTLS_ERR_SSL_WANT_WRITE )
  1230. {
  1231. mbedtls_printf( " failed\n ! mbedtls_ssl_renegotiate returned %d\n\n", ret );
  1232. goto exit;
  1233. }
  1234. }
  1235. mbedtls_printf( " ok\n" );
  1236. }
  1237. #endif /* MBEDTLS_SSL_RENEGOTIATION */
  1238. /*
  1239. * 6. Write the GET request
  1240. */
  1241. retry_left = opt.max_resend;
  1242. send_request:
  1243. mbedtls_printf( " > Write to server:" );
  1244. fflush( stdout );
  1245. len = mbedtls_snprintf( (char *) buf, sizeof(buf) - 1, GET_REQUEST,
  1246. opt.request_page );
  1247. tail_len = (int) strlen( GET_REQUEST_END );
  1248. /* Add padding to GET request to reach opt.request_size in length */
  1249. if( opt.request_size != DFL_REQUEST_SIZE &&
  1250. len + tail_len < opt.request_size )
  1251. {
  1252. memset( buf + len, 'A', opt.request_size - len - tail_len );
  1253. len += opt.request_size - len - tail_len;
  1254. }
  1255. strncpy( (char *) buf + len, GET_REQUEST_END, sizeof(buf) - len - 1 );
  1256. len += tail_len;
  1257. /* Truncate if request size is smaller than the "natural" size */
  1258. if( opt.request_size != DFL_REQUEST_SIZE &&
  1259. len > opt.request_size )
  1260. {
  1261. len = opt.request_size;
  1262. /* Still end with \r\n unless that's really not possible */
  1263. if( len >= 2 ) buf[len - 2] = '\r';
  1264. if( len >= 1 ) buf[len - 1] = '\n';
  1265. }
  1266. if( opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM )
  1267. {
  1268. for( written = 0, frags = 0; written < len; written += ret, frags++ )
  1269. {
  1270. while( ( ret = mbedtls_ssl_write( &ssl, buf + written, len - written ) )
  1271. <= 0 )
  1272. {
  1273. if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
  1274. ret != MBEDTLS_ERR_SSL_WANT_WRITE )
  1275. {
  1276. mbedtls_printf( " failed\n ! mbedtls_ssl_write returned -0x%x\n\n", -ret );
  1277. goto exit;
  1278. }
  1279. }
  1280. }
  1281. }
  1282. else /* Not stream, so datagram */
  1283. {
  1284. do ret = mbedtls_ssl_write( &ssl, buf, len );
  1285. while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
  1286. ret == MBEDTLS_ERR_SSL_WANT_WRITE );
  1287. if( ret < 0 )
  1288. {
  1289. mbedtls_printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret );
  1290. goto exit;
  1291. }
  1292. frags = 1;
  1293. written = ret;
  1294. }
  1295. buf[written] = '\0';
  1296. mbedtls_printf( " %d bytes written in %d fragments\n\n%s\n", written, frags, (char *) buf );
  1297. /*
  1298. * 7. Read the HTTP response
  1299. */
  1300. mbedtls_printf( " < Read from server:" );
  1301. fflush( stdout );
  1302. /*
  1303. * TLS and DTLS need different reading styles (stream vs datagram)
  1304. */
  1305. if( opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM )
  1306. {
  1307. do
  1308. {
  1309. len = sizeof( buf ) - 1;
  1310. memset( buf, 0, sizeof( buf ) );
  1311. ret = mbedtls_ssl_read( &ssl, buf, len );
  1312. if( ret == MBEDTLS_ERR_SSL_WANT_READ ||
  1313. ret == MBEDTLS_ERR_SSL_WANT_WRITE )
  1314. continue;
  1315. if( ret <= 0 )
  1316. {
  1317. switch( ret )
  1318. {
  1319. case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
  1320. mbedtls_printf( " connection was closed gracefully\n" );
  1321. ret = 0;
  1322. goto close_notify;
  1323. case 0:
  1324. case MBEDTLS_ERR_NET_CONN_RESET:
  1325. mbedtls_printf( " connection was reset by peer\n" );
  1326. ret = 0;
  1327. goto reconnect;
  1328. default:
  1329. mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n", -ret );
  1330. goto exit;
  1331. }
  1332. }
  1333. len = ret;
  1334. buf[len] = '\0';
  1335. mbedtls_printf( " %d bytes read\n\n%s", len, (char *) buf );
  1336. /* End of message should be detected according to the syntax of the
  1337. * application protocol (eg HTTP), just use a dummy test here. */
  1338. if( ret > 0 && buf[len-1] == '\n' )
  1339. {
  1340. ret = 0;
  1341. break;
  1342. }
  1343. }
  1344. while( 1 );
  1345. }
  1346. else /* Not stream, so datagram */
  1347. {
  1348. len = sizeof( buf ) - 1;
  1349. memset( buf, 0, sizeof( buf ) );
  1350. do ret = mbedtls_ssl_read( &ssl, buf, len );
  1351. while( ret == MBEDTLS_ERR_SSL_WANT_READ ||
  1352. ret == MBEDTLS_ERR_SSL_WANT_WRITE );
  1353. if( ret <= 0 )
  1354. {
  1355. switch( ret )
  1356. {
  1357. case MBEDTLS_ERR_SSL_TIMEOUT:
  1358. mbedtls_printf( " timeout\n" );
  1359. if( retry_left-- > 0 )
  1360. goto send_request;
  1361. goto exit;
  1362. case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
  1363. mbedtls_printf( " connection was closed gracefully\n" );
  1364. ret = 0;
  1365. goto close_notify;
  1366. default:
  1367. mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n", -ret );
  1368. goto exit;
  1369. }
  1370. }
  1371. len = ret;
  1372. buf[len] = '\0';
  1373. mbedtls_printf( " %d bytes read\n\n%s", len, (char *) buf );
  1374. ret = 0;
  1375. }
  1376. /*
  1377. * 7b. Simulate hard reset and reconnect from same port?
  1378. */
  1379. if( opt.reconnect_hard != 0 )
  1380. {
  1381. opt.reconnect_hard = 0;
  1382. mbedtls_printf( " . Restarting connection from same port..." );
  1383. fflush( stdout );
  1384. if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 )
  1385. {
  1386. mbedtls_printf( " failed\n ! mbedtls_ssl_session_reset returned -0x%x\n\n", -ret );
  1387. goto exit;
  1388. }
  1389. while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
  1390. {
  1391. if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
  1392. ret != MBEDTLS_ERR_SSL_WANT_WRITE )
  1393. {
  1394. mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", -ret );
  1395. goto exit;
  1396. }
  1397. }
  1398. mbedtls_printf( " ok\n" );
  1399. goto send_request;
  1400. }
  1401. /*
  1402. * 7c. Continue doing data exchanges?
  1403. */
  1404. if( --opt.exchanges > 0 )
  1405. goto send_request;
  1406. /*
  1407. * 8. Done, cleanly close the connection
  1408. */
  1409. close_notify:
  1410. mbedtls_printf( " . Closing the connection..." );
  1411. fflush( stdout );
  1412. /* No error checking, the connection might be closed already */
  1413. do ret = mbedtls_ssl_close_notify( &ssl );
  1414. while( ret == MBEDTLS_ERR_SSL_WANT_WRITE );
  1415. ret = 0;
  1416. mbedtls_printf( " done\n" );
  1417. /*
  1418. * 9. Reconnect?
  1419. */
  1420. reconnect:
  1421. if( opt.reconnect != 0 )
  1422. {
  1423. --opt.reconnect;
  1424. mbedtls_net_free( &server_fd );
  1425. #if defined(MBEDTLS_TIMING_C)
  1426. if( opt.reco_delay > 0 )
  1427. mbedtls_net_usleep( 1000000 * opt.reco_delay );
  1428. #endif
  1429. mbedtls_printf( " . Reconnecting with saved session..." );
  1430. if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 )
  1431. {
  1432. mbedtls_printf( " failed\n ! mbedtls_ssl_session_reset returned -0x%x\n\n", -ret );
  1433. goto exit;
  1434. }
  1435. if( ( ret = mbedtls_ssl_set_session( &ssl, &saved_session ) ) != 0 )
  1436. {
  1437. mbedtls_printf( " failed\n ! mbedtls_ssl_conf_session returned %d\n\n", ret );
  1438. goto exit;
  1439. }
  1440. if( ( ret = mbedtls_net_connect( &server_fd, opt.server_addr, opt.server_port,
  1441. opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ?
  1442. MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP ) ) != 0 )
  1443. {
  1444. mbedtls_printf( " failed\n ! mbedtls_net_connect returned -0x%x\n\n", -ret );
  1445. goto exit;
  1446. }
  1447. if( opt.nbio > 0 )
  1448. ret = mbedtls_net_set_nonblock( &server_fd );
  1449. else
  1450. ret = mbedtls_net_set_block( &server_fd );
  1451. if( ret != 0 )
  1452. {
  1453. mbedtls_printf( " failed\n ! net_set_(non)block() returned -0x%x\n\n",
  1454. -ret );
  1455. goto exit;
  1456. }
  1457. while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
  1458. {
  1459. if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
  1460. ret != MBEDTLS_ERR_SSL_WANT_WRITE )
  1461. {
  1462. mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", -ret );
  1463. goto exit;
  1464. }
  1465. }
  1466. mbedtls_printf( " ok\n" );
  1467. goto send_request;
  1468. }
  1469. /*
  1470. * Cleanup and exit
  1471. */
  1472. exit:
  1473. #ifdef MBEDTLS_ERROR_C
  1474. if( ret != 0 )
  1475. {
  1476. char error_buf[100];
  1477. mbedtls_strerror( ret, error_buf, 100 );
  1478. mbedtls_printf("Last error was: -0x%X - %s\n\n", -ret, error_buf );
  1479. }
  1480. #endif
  1481. mbedtls_net_free( &server_fd );
  1482. #if defined(MBEDTLS_X509_CRT_PARSE_C)
  1483. mbedtls_x509_crt_free( &clicert );
  1484. mbedtls_x509_crt_free( &cacert );
  1485. mbedtls_pk_free( &pkey );
  1486. #endif
  1487. mbedtls_ssl_session_free( &saved_session );
  1488. mbedtls_ssl_free( &ssl );
  1489. mbedtls_ssl_config_free( &conf );
  1490. mbedtls_ctr_drbg_free( &ctr_drbg );
  1491. mbedtls_entropy_free( &entropy );
  1492. #if defined(_WIN32)
  1493. mbedtls_printf( " + Press Enter to exit this program.\n" );
  1494. fflush( stdout ); getchar();
  1495. #endif
  1496. // Shell can not handle large exit numbers -> 1 for errors
  1497. if( ret < 0 )
  1498. ret = 1;
  1499. return( ret );
  1500. }
  1501. #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
  1502. MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C &&
  1503. MBEDTLS_CTR_DRBG_C MBEDTLS_TIMING_C */